
sonicskilz

Posted 22 April 2015 - 05:23 PM

I've been getting hover ads, popup ads, randomly placed ads and browser redirects to virus removal sites from an ad serving service that I have not requested in my browser. It's currently called "ActiveDeals." I can remove it from my browser extensions at chrome://extensions. However, there is a more deeply seeded issue at play.

I removed another ad network that did the same types of things a few weeks ago. It had a different name that I don't recall. So I have something in my system that keeps installing these malicious and annoying ad networks. I can remove them from Chrome directly, but then they just get regenerated fairly quickly.

I installed good ole Malwarebytes, which has detected things to quarantine and resolve, but doesn't seem to permanently resolve the issue any more than deleting the extensions.

If it helps to know where I'm redirected, I just got sent to reimageplus.com with a heading of "Windows PC Repair." Help is greatly appreciated!

dbreeze

Posted 22 April 2015 - 06:18 PM

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.

All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:

Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.

Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.

If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.

While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.

Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Quoted from and used by permission of BrianDrab. Thank you.

Let's get started....

Since you only state Win8 for an OS, please download both versions below (unless you know if the system is 32 or 64 bit).

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

Notes: Google applications have been modified by malware and should be reinstalled to repair them. We will handle that after a FRST script run (used to break the active malware). The Norton product is not registered in the system properly; either it is expired or damaged. If Norton is supposed to be your primary security software (your license is not expired) you will need to save your license key before you uninstall Norton. This will allow you to install and activate the product later.

Second, run a FRST script >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Last, reinstall Chrome >>>>

After the system is restarted from the FRST script run, please double click on the Google Chrome install file on your desktop (saved from Step 1) and follow the prompts to install Chrome.

sonicskilz

Posted 25 April 2015 - 02:59 PM

ActiveCoupon would not uninstall. It pops up with a window entitled "xyz Uninstall" and another Window on top of that, which is titled "Uninstall" and contains the text "Plese close your browser and try again". The only option is to click "OK". No browser Window is actually open, and the message is really spelled "Plese."

Uninstalling CableTerm procs an error titled "RunDLL" with the following text:

"There was a problem starting

C:\PROGRA~2\TAMPAM~1\tampam~1.DLL

The specified module could not be found."

Again, the only option is to click "OK". I'm assuming that these items failing to properly uninstall invalidates the rest of the procedure that you have outlined for me. If I should still proceed with everything else you posted above, please let me know and I'll just do everything else. Otherwise, please advise on another course of action.

Posted 26 April 2015 - 12:41 PM

sonicskilz

Posted 26 April 2015 - 03:15 PM

I like your attitude!

The uninstalls went without a hitch, besides the CableTerm and ActiveCoupon of course. I restarted once for Norton Internet Security to complete its uninstall, then restarted once again to apply the FRST fixlist, and finally downloaded Chrome for 64-bit Windows 8. System seems to be running well, although Shockwave Flash has already crashed once in the brief time I've been running this fresh install of Chrome.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015

dbreeze

Posted 27 April 2015 - 08:46 AM

Your version of Malwarebytes' Antimalware is not the most current. Let's update it and see what it finds ....

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from here.

Double Click on the mbam-setup.exe file to install the application. It should just update the current installation, keeping your current settings.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected, and that under Non-Malware Protection, PUP and PUM are set to "Treat detections as malware".

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Make sure that everything is checked, and click Remove Selected. When the removal is completed, a summary screen will be presented.

At the bottom of this screen, click on Save Results and then on Text file (*.txt). Save the file to your desktop and click OK. Click Finish to return to the main screen and then close Malwarebytes.

Double click on the log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

dbreeze

Posted 27 April 2015 - 09:58 PM

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked

Now click on: Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.

At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).

Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.

dbreeze

Posted 30 April 2015 - 07:53 PM

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

sonicskilz

Posted 02 May 2015 - 01:44 PM

Thanks for the help so far, dbreeze! Am I correct in assuming that we're closing in on a final resolution? I noticed CableTerm and ActiveCoupon are gone from the application list in add or remove programs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015